Man faces up to 35 years in prison for helping hackers evade detection by anti-virus software

Scan4You, the largest known counter anti-virus website, went offline in May 2017 when two men were arrested in Latvia and extradited by the FBI to the United States.

37-year-old Ruslan Bondars (also known by the online handle “Borland”), one of the men arrested in Latvia in May 2017, has now been convicted in a US court of one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage.

Bondars is scheduled to be sentenced on September 21, 2018, and faces a maximum penalty of 35 years in prison.

His partner-in-crime, 36-year-old Jurijs Martisevs (also known as “Garrik”), pleaded guilty to charges of conspiracy and aiding and abetting computer intrusion in March.

So what was Scan4You, and why was it called a counter anti-virus (CAV) website?

Scan4You was set up in 2009 as an online service designed to help malware authors evade detection by security software. For a monthly fee you could upload your proposed malware sample to the website, which would then run a wide variety of anti-virus products against it, providing a report of which (if any) detected the file as malicious.

There are legitimate websites which provide this type of service. VirusTotal is undoubtedly the best-known example of a legitimate website which invites anyone to upload potentially malicious files for free, and receive in return a report of which (if any) security products identify them as malicious. The key difference, however, is that VirusTotal automatically shares submissions with the security community.

What makes CAV sites like Scan4You so troubling is that they not only tell malicious hackers if their new malware is detected or not (thus inviting them to keep tweaking it until it is no longer spotted), but also do not share uploaded samples with security vendors for analysis.

In short, CAV sites like Scan4You help criminals create malware which has a higher chance of slipping past users’ defences. For instance, malicious hackers who used Scan4You’s services tested the Citadel malware that was subsequently used to steal 40 million credit card details, 70 million addresses, phone numbers and other pieces of personal information from customers in the infamous hack of US retail giant Target, causing hundreds of millions of dollars’ worth of damage.

“Ruslans Bondars helped hackers test and improve the malware they then used to inflict hundreds of millions of dollars in losses on American companies and consumers,” said John P. Cronan, Acting Assistant Attorney General of the Justice Department’s Criminal Division. “Today’s verdict should serve as a warning to those who aid and abet criminal hackers: the Criminal Division and our law enforcement partners consider you to be just as culpable as the hackers whose crimes you enable—and we will work tirelessly to identify you, prosecute you, and seek stiff sentences that reflect the seriousness of your crimes.”

Scan4You is now permanently out of action, but that doesn’t mean that online criminals have lost interest in finding ways to evade detection by security software. We all have to remain alert to potential threats, keep systems patched and protected with a layered defence, and ensure that our staff, friends, and colleagues are clued up about the risks of clicking on an unsolicited email attachment or link.